<?php
namespace UserSystem;

/**
 * 输入过滤类, dont trust any input
 * @author: wangxi
 */
class Input
{
    private function __construct()
    {
    }

    protected static $getParams = array();

    protected static $postParams = array();

    protected static $requestParams = array();

    /**
     * 内部get/post 过滤
     * @param        $key
     * @param null   $data
     * @param string $type
     * @return array|bool|mixed|string
     */
    protected static function parseInput($key=null, $data = null, $type = 'get')
    {
        switch ($type) {
            case 'get':
                $now_params = self::$getParams = $_GET;
                break;
            case 'post':
                $now_params = self::$postParams = $_POST;
                break;
            case 'request':
                $now_params = self::$requestParams = $_REQUEST;
                break;
            default:
                $now_params = $_GET;
                break;
        }

        if ($key==='') {
            //调试: 未过滤的输入数据
            if(!empty($now_params)){
                foreach($now_params as $key=>$val){
                    if($key=self::filterKey($key)){
                        $now_params[$key]=self::filterData($val);
                    }
                }
            }

            return $now_params;
        }

        //过滤查询的key
        $f_key = self::filterKey($key);
        if (false===$f_key) {
            return '';
        }

        if (isset($data)) {
            //设置参数
            if (isset($now_params[$f_key])) {
                $now_params[$f_key] = self::filterData($data);

                return true;
            }
        }
        else {
            //获取参数
            if (isset($now_params[$f_key])) {
                return self::filterData($now_params[$f_key]);
            }
        }

        return '';
    }

    /**
     * @param string $key
     * @return bool|string
     */
    protected static function filterKey($key = '')
    {
        if (!preg_match("/^[a-z0-9\\_\\-]+$/i", $key)) {
            return false;
        }

        return $key;
    }

    /**
     * @param string $data
     * @return mixed|string
     */
    protected static function filterData($data = '')
    {
        if (is_string($data) && !empty($data)) {

            //如果php版本低于5.4 且开启了GPC自动转义
            if (!check_php_version('5.4') && get_magic_quotes_gpc()) {
                $data = stripslashes($data);
            }

            $data = urldecode(trim($data));

            //转义引号
            addslashes($data);

            //过滤中间空格
            $data = preg_replace('/\s+/', '', $data);

            //禁止出现的字符串
            $forbidden_str = array(
                'document.cookie' => '',
                'document.write'  => '',
                '.parentNode'     => '',
                '.innerHTML'      => '',
                'window.location' => '',
                '<!--'            => '&lt;!--',
                '-->'             => '--&gt;',
                '<![CDATA['       => '&lt;![CDATA[',
                '<?'              => '&lt;?',
                '<'               => '&lt;',
                '>'               => '&gt;',
                '&'               => '&amp;'
            );

            //禁止出现的脚本前缀
            $forbidden_regx = array(
                'javascript\s*:', //js xss
                'expression\s*(\(|&\#40;)', // CSS and IE
                'vbscript\s*:', // IE vbscript xss
                'Redirect\s+302' //302 hack
            );

            $data = str_replace(array_keys($forbidden_str), $forbidden_str, $data);

            foreach ($forbidden_regx as $regex) {
                $data = preg_replace('#' . $regex . '#is', '', $data);
            }

            return $data;
        }

        return '';
    }

    /**
     * get参数处理
     * @param string $key
     * @param null   $data
     * @return array|bool|mixed|string
     */
    public static function get($key = '', $data = null)
    {
        return self::parseInput($key, $data, 'get');
    }

    /**
     * post参数处理
     * @param string $key
     * @param null   $data
     * @return array|bool|mixed|string
     */
    public static function post($key = '', $data = null)
    {
        return self::parseInput($key, $data, 'post');
    }

    /**
     * request参数处理
     * @param string $key
     * @param null   $data
     * @return array|bool|mixed|string
     */
    public static function request($key = '', $data = null)
    {
        return self::parseInput($key, $data, 'request');
    }

    public static function isGet(){
        return strtolower($_SERVER['REQUEST_METHOD'])=='get';
    }

    public static function isPost(){
        return strtolower($_SERVER['REQUEST_METHOD'])=='post';
    }

}